DFARS

DFARS and DIB: Compliance Steps for DoD’s Newly Finalized Cybersecurity Rules for Contractors

Department of Defense Finalized Cybersecurity Rules for Contractors and Other Awardees. The First rule amends the Defense Federal Acquisition Regulation Supplement and went into effect on October 21, 2016 (“DFARS Rule”). The other rule modifies the previously voluntary DoD cybersecurity information sharing program (“DIB Rule”) and is set to come into effect on November 3, 2016. Aerial view of the Pentagon, the Department of Defense headquarters in Arlington, Virginia

For businesses that work with the U.S. Department of Defense (“DoD”), two important rules for safeguarding certain categories of sensitive information and reporting cyber incidents were recently finalized, updating the interim rules promulgated in late 2015. The first rule amends the Defense Federal Acquisition Regulation Supplement (“DFARS Rule”) and went into effect on October 21, 2016.  The second rule modifies the previously voluntary DoD cybersecurity information-sharing program in connection with the Defense Industrial Base (“DIB Rule”) and went into effect on November 3, 2016.

We previously explained the changes brought about by the interim rules. Here, we explain what changed after the rules’ comment periods, and provide suggestions for compliance.

READ MORE